Venkateswara Naralasetty <vnaralas@xxxxxxxxxxxxxx> wrote:

> Currently sta airtime is updated without any lock in case of
> host based airtime calculation, which may result in accessing an
> invalid sta pointer in case of continuous station connect/disconnect.
>
> This patch fixes the kernel null pointer dereference by updating the
> station airtime with a proper RCU lock in case of host based airtime
> calculation.
>
> Proceeding with the analysis of "ARM Kernel Panic".
> The APSS crash happened due to OOPS on CPU 0.
> Crash Signature: Unable to handle kernel NULL pointer dereference
> at virtual address 00000300
> During the crash,
> PC points to "ieee80211_sta_register_airtime+0x1c/0x448 [mac80211]"
> LR points to "ath10k_txrx_tx_unref+0x17c/0x364 [ath10k_core]".
> The Backtrace obtained is as follows:
> [<bf880238>] (ieee80211_sta_register_airtime [mac80211]) from
> [<bf945a38>] (ath10k_txrx_tx_unref+0x17c/0x364 [ath10k_core])
> [<bf945a38>] (ath10k_txrx_tx_unref [ath10k_core]) from
> [<bf9428e4>] (ath10k_htt_txrx_compl_task+0xa50/0xfc0 [ath10k_core])
> [<bf9428e4>] (ath10k_htt_txrx_compl_task [ath10k_core]) from
> [<bf9b9bc8>] (ath10k_pci_napi_poll+0x50/0xf8 [ath10k_pci])
> [<bf9b9bc8>] (ath10k_pci_napi_poll [ath10k_pci]) from
> [<c059e3b0>] (net_rx_action+0xac/0x160)
> [<c059e3b0>] (net_rx_action) from [<c02329a4>] (__do_softirq+0x104/0x294)
> [<c02329a4>] (__do_softirq) from [<c0232b64>] (run_ksoftirqd+0x30/0x90)
> [<c0232b64>] (run_ksoftirqd) from [<c024e358>] (smpboot_thread_fn+0x25c/0x274)
> [<c024e358>] (smpboot_thread_fn) from [<c02482fc>] (kthread+0xd8/0xec)
>
> Tested HW: QCA9888
> Tested FW: 10.4-3.10-00047
>
> Signed-off-by: Venkateswara Naralasetty <vnaralas@xxxxxxxxxxxxxx>
> Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx>

Patch applied to ath-next branch of ath.git, thanks.
acb31476adc9 ath10k: fix kernel null pointer dereference

-- 
https://patchwork.kernel.org/patch/11468873/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches